hidden Win32/Dynamer!ac


Before I start, I want to let you know that this comes from an earlier post where I fixed some drivers that were crashing: https://forums.malwarebytes.org/index.php?/topic/161915-pc-memory-problems-and-freezing/ More info can be found there.

 

 

Recently I have noticed my PC was not running as well as it normally has. Google Chrome and my other browsers load webpages very VERY slowly compared to normal, and they crash a lot. My computer has also been running slower overall, and had some weird driver and memory problems that I mentioned in my other post.

 

I decided to scan my computer to make sure everything was OK. I searched for viruses on my PC and scanned it with many antiviruses: Malwarebytes, RogueKiller, TDSSKiller, HitmanPro. The results were few and far between. The only program to detect something bad was HitmanPro (screenshot: 22c63bde7d.png).

But here is the weird part: out of all the programs, Windows Defender detected a Trojan:Win32/Dynamer!ac in a hidden file (C:\Users\jonah_000\NkLviagAvmQR to be exact).

The file cannot be deleted, even with cmd, and it's hidden from view when I use my file explorer, even with the hidden files setting on.

 

I tried searching for a start-up registry for the Trojan and couldn't find one.

I navigated to the file directory provided by Windows Defender and found a file with an exe inside. It had a random name, and no signature on the file. I trashed it to my recycle bin and deleted it, but I know it probably didn't do anything.

The file (screenshot: 3f5177ce85.png).

Note how you can't see it if I go to the parent directory (screenshot: 550aebd9a0.png).

 

 

 


Your replying to yourself will delay someone providing assistance.  A Forum Helper will see a Post with Replies and thus will seek a post w/o replies.

 

  • Create a new post.
  • Choose "More Reply Options" on the bottom Right of the Web Form
  • Now choose "Attach Files" on the bottom Left of the Web Form.
  • Browse and find your ZIP or RAR file.
  • Choose "Add Reply" and there's your post with your attachment(s)

 

 

** Please let me know if you don't get an assistance reply after 48 hours.


  • Root Admin

Hello and welcome.

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
 


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • 1 month later...

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 2/9/2015
Scan Time: 7:49:51 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.10.01
Rootkit Database: v2015.02.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: jonah_000
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 524434
Time Elapsed: 20 min, 6 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • Root Admin

Thanks. Please don't use quote tags. Either post directly or attach the logs.

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


Step 04

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by jonah_000 on Tue 02/10/2015 at 11:03:34.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update jump flip
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util jump flip
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\jonah_000\AppData\Roaming\search protection"
Successfully deleted: [Folder] "C:\Users\jonah_000\AppData\Roaming\updaterex"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\jonah_000\AppData\Roaming\mozilla\firefox\profiles\c0q31fre.default\user.js
Successfully deleted: [File] C:\Users\jonah_000\AppData\Roaming\mozilla\firefox\profiles\c0q31fre.default\invalidprefs.js
Successfully deleted the following from C:\Users\jonah_000\AppData\Roaming\mozilla\firefox\profiles\c0q31fre.default\prefs.js
 
user_pref("extensions.xpiState", "{\"app-profile\":{\"iobitascsurfingprotection@iobit.com\":{\"d\":\"C:\\\\Users\\\\jonah_000\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Pr
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/10/2015 at 11:06:50.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step 05

 

# AdwCleaner v4.110 - Logfile created 10/02/2015 at 11:11:15
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [server]
# Operating system : Windows 8.1  (x64)
# Username : jonah_000 - JONAH
# Running from : C:\Users\jonah_000\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StageLight
Folder Deleted : C:\Program Files\StageLight
File Deleted : C:\END
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [2122 bytes] - [10/02/2015 11:10:24]
AdwCleaner[s0].txt - [1957 bytes] - [10/02/2015 11:11:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2016  bytes] ##########

Step 06

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/10/2015
Scan Time: 11:35:24 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.10.09
Rootkit Database: v2015.02.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: jonah_000
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 524453
Time Elapsed: 18 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Step 07

 

C:\Program Files (x86)\Turbo Dismount\Turbo\TurboDismount\steam_api.dll a variant of Win32/Packed.VMProtect.ABD trojan
C:\Sandbox\jonah_000\DefaultBox\user\current\AppData\Local\Temp\regedit_x64.exe a variant of Win32/Injector.Autoit.ABQ trojan
C:\Sandbox\jonah_000\DefaultBox\user\current\AppData\Local\Temp\DCSCMIN\IMDCSC.exe a variant of Win32/Injector.Autoit.ABQ trojan

Step 08

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by jonah_000 (administrator) on JONAH on 10-02-2015 16:25:00
Running from C:\Users\jonah_000\Desktop
Loaded Profiles: jonah_000 (Available profiles: jonah_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-06-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-06-25] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2015-02-08] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2015-02-08] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-06-21] (Autodesk Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2014-10-19] (ROCCAT GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-09] (Valve Corporation)
HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-12-25] ()
HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-02-01] (Electronic Arts)
HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Run: [speech Recognition] => C:\windows\Speech\Common\sapisvr.exe [44032 2014-11-22] (Microsoft Corporation)
HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [40688 2015-01-15] (Overwolf LTD)
HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\RunOnce: [Application Restart #4] => C:\Users\jonah_000\AppData\Local\Pokki\Engine\HostAppService.exe [7846216 2015-01-31] (Pokki)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Roccat Talk.lnk
ShortcutTarget: Roccat Talk.lnk -> C:\Program Files (x86)\ROCCAT\Roccat Talk\Roccat Talk.exe (ROCCAT GmbH Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jonah_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {4A5FBB3C-FFAE-4ED1-AAD3-984439924A8A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3184068216-3506866942-1434303448-1002 -> {4A5FBB3C-FFAE-4ED1-AAD3-984439924A8A} URL = 
SearchScopes: HKU\S-1-5-21-3184068216-3506866942-1434303448-1002 -> {F76957F1-0A2F-48B8-A4E1-712201AB50CF} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - No CLSID Value
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
 
FireFox:
========
FF ProfilePath: C:\Users\jonah_000\AppData\Roaming\Mozilla\Firefox\Profiles\c0q31fre.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3184068216-3506866942-1434303448-1002: @nsroblox.roblox.com/launcher -> C:\Users\jonah_000\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3184068216-3506866942-1434303448-1002: @nsroblox.roblox.com/launcher64 -> C:\Users\jonah_000\AppData\Local\Roblox\Versions\version-2c1f992c1a264ecc\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3184068216-3506866942-1434303448-1002: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
FF Plugin HKU\S-1-5-21-3184068216-3506866942-1434303448-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\jonah_000\AppData\Roaming\Mozilla\Firefox\Profiles\c0q31fre.default\Extensions\iobitascsurfingprotection@iobit.com [2014-12-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-09-28]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-18]
CHR Extension: (Google Drive) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Poper Blocker) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2014-03-12]
CHR Extension: (YouTube) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-25]
CHR Extension: (Adblock Plus) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-21]
CHR Extension: (Weebly - Website Builder) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2014-03-12]
CHR Extension: (Google Search) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-25]
CHR Extension: (Google Wallet) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-25]
CHR Extension: (Gmail) - C:\Users\jonah_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [596360 2014-06-21] (Autodesk Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [760192 2015-01-10] ()
R2 Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [384512 2014-06-27] (Apple Inc.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-22] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2013-12-31] (Microsoft Corporation)
S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123096 2014-12-24] (altPUG LLC)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [93016 2014-03-03] (EasyAntiCheat Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-28] (ELAN Microelectronics Corp.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-10-23] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-07] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-15] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-07-31] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-14] () [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-01] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-15] (Overwolf LTD)
R2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [76152 2014-11-02] ()
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2014-04-13] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-30] ()
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-16] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-09-02] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2014-06-25] (Motorola Solutions, Inc.)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-08-05] (ELAN Microelectronic Corp.)
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [100072 2013-08-02] (GenesysLogic)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-01-20] (LogMeIn Inc.)
R3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2015-02-10] ()
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-06-25] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3351520 2014-09-02] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-11-22] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-11-22] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-11-22] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-22] (Microsoft Corporation)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-11-16] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-09-28] (Microsoft Corporation)
S3 ChodDriver; \??\C:\windows\system32\drivers\ChodDriver.sys [X]
S3 cpuz138; \??\C:\windows\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\windows\TEMP\GPUZ.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 16:25 - 2015-02-10 16:25 - 00035464 _____ () C:\Users\jonah_000\Desktop\FRST.txt
2015-02-10 16:24 - 2015-02-10 16:25 - 00000000 ____D () C:\FRST
2015-02-10 16:24 - 2015-02-10 16:24 - 02132992 _____ (Farbar) C:\Users\jonah_000\Desktop\FRST64.exe
2015-02-10 16:22 - 2015-02-10 16:23 - 00000377 _____ () C:\Users\jonah_000\Desktop\ESETscan.txt
2015-02-10 11:55 - 2015-02-10 11:55 - 02347384 _____ (ESET) C:\Users\jonah_000\Desktop\esetsmartinstaller_enu.exe
2015-02-10 11:55 - 2015-02-10 11:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-10 11:54 - 2015-02-10 11:54 - 00001041 _____ () C:\Users\jonah_000\Desktop\MWBscan.txt
2015-02-10 11:27 - 2015-02-10 11:11 - 00002096 _____ () C:\Users\jonah_000\Desktop\AdwCleaner[s0].txt
2015-02-10 11:09 - 2015-02-10 11:11 - 00000000 ____D () C:\AdwCleaner
2015-02-10 11:08 - 2015-02-10 11:08 - 02112512 _____ () C:\Users\jonah_000\Desktop\AdwCleaner.exe
2015-02-10 11:06 - 2015-02-10 11:06 - 00001685 _____ () C:\Users\jonah_000\Desktop\JRT.txt
2015-02-10 11:03 - 2015-02-10 11:03 - 01388274 _____ (Thisisu) C:\Users\jonah_000\Desktop\JRT.exe
2015-02-09 21:23 - 2015-02-09 21:23 - 00000000 ____D () C:\windows\ERDNT
2015-02-09 21:22 - 2015-02-09 21:22 - 00791393 _____ (Lars Hederer ) C:\Users\jonah_000\Desktop\erunt-setup.exe
2015-02-09 21:22 - 2015-02-09 21:22 - 00000911 _____ () C:\Users\jonah_000\Desktop\NTREGOPT.lnk
2015-02-09 21:22 - 2015-02-09 21:22 - 00000892 _____ () C:\Users\jonah_000\Desktop\ERUNT.lnk
2015-02-09 21:22 - 2015-02-09 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-02-09 21:22 - 2015-02-09 21:22 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2015-02-09 19:46 - 2015-02-09 19:48 - 00002306 _____ () C:\Users\jonah_000\Desktop\Rkill.txt
2015-02-09 19:46 - 2015-02-09 19:46 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\jonah_000\Desktop\rkill.exe
2015-02-09 19:45 - 2015-02-10 11:17 - 00032512 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2015-02-09 19:37 - 2015-02-09 19:38 - 00331456 _____ () C:\windows\Minidump\020915-50078-01.dmp
2015-02-09 08:16 - 2015-02-09 19:36 - 1665490876 _____ () C:\windows\MEMORY.DMP
2015-02-09 08:16 - 2015-02-09 08:17 - 00327744 _____ () C:\windows\Minidump\020915-65843-01.dmp
2015-02-08 13:07 - 2015-02-08 13:07 - 00007250 _____ () C:\windows\DPINST.LOG
2015-02-08 13:07 - 2015-02-08 13:06 - 00039008 _____ (Lenovo.) C:\windows\system32\Drivers\LhdX64.sys
2015-02-08 13:07 - 2015-02-08 13:06 - 00019872 _____ (Lenovo (Beijing) Limited) C:\windows\system32\LenovoSDKEmSubSystem.dll
2015-02-08 13:05 - 2015-02-08 13:05 - 52872808 _____ (Lenovo Group Limited ) C:\Users\jonah_000\Desktop\em8180214.exe
2015-02-08 11:00 - 2015-02-08 11:04 - 00000000 ____D () C:\Users\jonah_000\Desktop\spare
2015-02-07 20:43 - 2015-02-07 20:43 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2015-02-07 19:35 - 2015-02-07 19:36 - 00325384 _____ () C:\windows\Minidump\020715-46296-01.dmp
2015-02-07 16:23 - 2015-02-07 16:23 - 00001920 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-07 16:23 - 2015-02-07 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-02-07 16:23 - 2015-02-07 16:23 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-07 08:31 - 2015-02-07 08:33 - 04214344 _____ () C:\Users\jonah_000\Desktop\020715-36453-01.dmp
2015-02-05 17:59 - 2015-02-05 17:59 - 00000000 ____D () C:\Users\jonah_000\AppData\Local\Steam
2015-02-04 19:12 - 2014-12-09 16:21 - 00037184 _____ (Razer, Inc.) C:\windows\system32\Drivers\rzpmgrk.sys
2015-02-04 17:52 - 2015-02-10 15:57 - 00000918 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 17:52 - 2015-02-10 11:14 - 00000914 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 20:00 - 2015-02-03 20:00 - 00004773 _____ () C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AtrazineChecker.lnk
2015-02-02 21:13 - 2015-02-02 21:14 - 00000005 _____ () C:\Users\jonah_000\Desktop\SafeProcess.txt
2015-02-01 20:04 - 2015-02-01 20:03 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2015-02-01 20:04 - 2015-02-01 20:03 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
2015-02-01 20:04 - 2015-02-01 20:03 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-02-01 20:04 - 2015-02-01 20:02 - 00897960 _____ (Oracle Corporation) C:\windows\SysWOW64\npdeployJava1.dll
2015-02-01 20:04 - 2015-02-01 20:02 - 00818088 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2015-02-01 20:04 - 2015-02-01 20:02 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-02-01 20:04 - 2015-02-01 20:02 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-02-01 20:04 - 2015-02-01 20:02 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-02-01 20:04 - 2015-02-01 20:02 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-01 15:22 - 2015-02-01 15:22 - 00215416 _____ () C:\windows\SysWOW64\PnkBstrB.exe
2015-02-01 15:16 - 2015-02-01 15:16 - 00000000 ____D () C:\Users\jonah_000\AppData\Local\ESN
2015-01-31 23:36 - 2015-01-31 23:42 - 00000000 ____D () C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Andy
2015-01-31 23:34 - 2015-01-31 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
2015-01-31 23:32 - 2015-01-31 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-01-31 23:32 - 2015-01-31 23:32 - 00000000 ____D () C:\Program Files\Oracle
2015-01-31 23:32 - 2014-11-21 14:57 - 00916024 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
2015-01-31 23:32 - 2014-11-21 14:55 - 00128080 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys
2015-01-31 23:31 - 2015-01-31 23:31 - 00740775 _____ () C:\ProgramData\AndyDrivers.zip
2015-01-31 11:35 - 2015-01-31 11:46 - 00000013 _____ () C:\Users\jonah_000\Desktop\ATprocess.txt
2015-01-31 09:49 - 2015-01-31 09:49 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\dpnet.dll
2015-01-31 09:49 - 2015-01-31 09:49 - 00377856 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnet.dll
2015-01-31 09:49 - 2015-01-31 09:49 - 00220672 _____ (Microsoft Corporation) C:\windows\SysWOW64\dplayx.dll
2015-01-31 09:49 - 2015-01-31 09:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\dpnathlp.dll
2015-01-31 09:49 - 2015-01-31 09:49 - 00059904 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnathlp.dll
2015-01-31 09:49 - 2015-01-31 09:49 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpwsockx.dll
2015-01-31 09:49 - 2015-01-31 09:49 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\dpnsvr.exe
2015-01-31 09:49 - 2015-01-31 09:49 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnsvr.exe
2015-01-31 09:49 - 2015-01-31 09:49 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\dplaysvr.exe
2015-01-31 09:49 - 2015-01-31 09:49 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpmodemx.dll
2015-01-31 09:49 - 2015-01-31 09:49 - 00009216 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnhupnp.dll
2015-01-31 09:49 - 2015-01-31 09:49 - 00009216 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnhpast.dll
2015-01-31 09:49 - 2015-01-31 09:49 - 00009216 _____ (Microsoft Corporation) C:\windows\system32\dpnhupnp.dll
2015-01-31 09:49 - 2015-01-31 09:49 - 00009216 _____ (Microsoft Corporation) C:\windows\system32\dpnhpast.dll
2015-01-31 09:48 - 2015-01-31 09:52 - 00000000 ____D () C:\Users\jonah_000\Documents\GTA San Andreas User Files
2015-01-30 18:35 - 2015-01-30 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-30 18:35 - 2015-01-30 18:35 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-27 19:12 - 2015-01-27 19:12 - 00000000 ____D () C:\windows\SysWOW64\NV
2015-01-27 19:12 - 2015-01-27 19:12 - 00000000 ____D () C:\windows\system32\NV
2015-01-27 19:11 - 2015-01-09 17:29 - 00075080 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshextr.dll
2015-01-27 19:11 - 2015-01-09 17:29 - 00062608 _____ (NVIDIA Corporation) C:\windows\system32\nvshext.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 32102544 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 25459856 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 24765584 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 20465296 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 18566296 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 17250776 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 16009120 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 14115944 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 13295552 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 13210248 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 10774544 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 10714488 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 10274448 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2015-01-27 19:10 - 2015-01-10 02:07 - 03607184 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 03298816 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 03245712 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 02902456 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 01895240 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6434725.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 01556808 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6434725.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 00994712 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 00969360 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 00942736 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 00929424 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 00906384 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 00877488 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 00496456 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 00399688 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 00390472 _____ (NVIDIA Corporation) C:\windows\system32\NvIFROpenGL.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 00353040 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 00345744 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFROpenGL.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 00305320 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 00177624 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 00164568 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2015-01-27 19:10 - 2015-01-10 02:07 - 00031376 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvpciflt.sys
2015-01-27 19:10 - 2015-01-10 02:07 - 00027441 _____ () C:\windows\system32\nvinfo.pb
2015-01-27 19:06 - 2015-02-08 10:57 - 00001691 _____ () C:\windows\setupact.log
2015-01-27 19:06 - 2015-01-27 19:06 - 00000000 _____ () C:\windows\setuperr.log
2015-01-27 18:43 - 2015-01-27 18:43 - 00002542 _____ () C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battlestar Galactica.lnk
2015-01-25 10:24 - 2015-01-25 10:24 - 00000000 ____D () C:\ProgramData\Deskto
2015-01-24 09:17 - 2015-01-24 09:17 - 00002384 _____ () C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Godfather.lnk
2015-01-22 18:53 - 2015-01-22 18:53 - 00000000 ____D () C:\Users\jonah_000\AppData\Roaming\TaiG
2015-01-22 17:54 - 2015-01-22 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-22 17:53 - 2015-01-22 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-22 17:51 - 2015-01-22 17:53 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-22 17:51 - 2015-01-22 17:53 - 00000000 ____D () C:\Program Files\iTunes
2015-01-22 17:51 - 2015-01-22 17:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-22 17:51 - 2015-01-22 17:51 - 00000000 ____D () C:\Program Files\iPod
2015-01-20 13:16 - 2015-01-20 13:16 - 00044296 ____H (LogMeIn Inc.) C:\windows\system32\Drivers\Hamdrv.sys
2015-01-17 21:45 - 2015-01-17 21:45 - 00000000 ____D () C:\Users\jonah_000\AppData\Roaming\.StarMade
2015-01-14 16:53 - 2015-02-01 15:34 - 00004324 _____ () C:\windows\PFRO.log
2015-01-14 16:48 - 2015-02-10 13:02 - 01332771 _____ () C:\windows\WindowsUpdate.log
2015-01-11 20:36 - 2012-01-15 17:55 - 00000000 ____D () C:\Users\jonah_000\Desktop\Spoof extensions
2015-01-11 10:47 - 2015-02-10 15:53 - 00004978 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JONAH-jonah_000 Jonah
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 16:00 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sru
2015-02-10 15:33 - 2014-01-04 22:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-10 11:31 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\AppReadiness
2015-02-10 11:24 - 2013-12-25 08:25 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3184068216-3506866942-1434303448-1002
2015-02-10 11:16 - 2014-06-28 10:21 - 00000000 ____D () C:\Users\jonah_000\AppData\Local\CrashDumps
2015-02-10 11:15 - 2014-12-18 04:33 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 11:15 - 2014-06-04 15:43 - 00000000 ___RD () C:\Users\jonah_000\SkyDrive
2015-02-10 11:15 - 2013-12-26 20:44 - 00000000 ____D () C:\Users\jonah_000\AppData\Local\Adobe
2015-02-10 11:13 - 2013-08-22 08:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-10 11:11 - 2013-12-25 08:15 - 00000000 ____D () C:\Users\jonah_000
2015-02-10 11:11 - 2013-10-30 16:02 - 00031232 _____ () C:\windows\system32\VfService.trf
2015-02-10 11:03 - 2014-06-24 22:18 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-02-10 10:29 - 2013-08-28 02:36 - 00915466 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-10 01:42 - 2013-12-25 08:15 - 00000000 ____D () C:\Users\jonah_000\AppData\Local\Pokki
2015-02-09 20:39 - 2013-12-25 08:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-09 19:40 - 2013-12-25 08:56 - 11292160 ___SH () C:\Users\jonah_000\Desktop\Thumbs.db
2015-02-09 19:37 - 2013-12-25 09:33 - 00000000 ____D () C:\windows\Minidump
2015-02-09 19:33 - 2013-12-26 14:44 - 00000000 ____D () C:\Users\jonah_000\AppData\Roaming\Skype
2015-02-09 11:15 - 2013-12-27 10:09 - 00000132 _____ () C:\Users\jonah_000\AppData\Roaming\Adobe PNG Format CC Prefs
2015-02-08 13:05 - 2014-01-10 23:32 - 00000000 ____D () C:\Users\jonah_000\Desktop\2160p ULTRA HD Wallpaper collection
2015-02-07 19:39 - 2014-06-30 15:41 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-07 10:05 - 2013-12-25 10:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-07 08:43 - 2014-05-10 15:16 - 00059105 _____ () C:\windows\system32\lvcoinst.log
2015-02-06 18:09 - 2013-08-22 08:44 - 05249440 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-05 22:59 - 2014-12-13 12:17 - 00002174 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 19:11 - 2014-03-12 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-02-04 18:33 - 2014-01-04 22:25 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 18:26 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\rescache
2015-02-04 17:52 - 2014-03-12 19:22 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 17:52 - 2014-03-12 19:22 - 00003654 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-02 21:14 - 2013-12-26 13:38 - 00000000 ____D () C:\Users\jonah_000\Desktop\NOTES
2015-02-02 20:39 - 2013-12-25 10:47 - 00000000 ____D () C:\Users\jonah_000\Documents\Visual Studio 2013
2015-02-01 20:04 - 2014-03-10 22:01 - 00000000 ____D () C:\Program Files\Java
2015-02-01 20:04 - 2013-12-25 08:52 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-01 20:04 - 2013-12-25 08:51 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-01 20:03 - 2014-03-10 22:02 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2015-02-01 18:39 - 2013-12-25 08:34 - 00000000 ____D () C:\Users\jonah_000\Desktop\GAMES
2015-02-01 15:34 - 2013-12-29 22:38 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-02-01 15:29 - 2014-04-05 19:22 - 00000000 ____D () C:\Users\jonah_000\AppData\Roaming\OBS
2015-02-01 15:13 - 2014-04-05 19:22 - 00000000 ____D () C:\Program Files\OBS
2015-02-01 14:50 - 2013-12-26 17:51 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-01 09:26 - 2014-12-10 18:37 - 00000298 _____ () C:\windows\Tasks\Uninstaller_SkipUac_jonah_000.job
2015-02-01 09:24 - 2013-12-25 08:33 - 00000000 ____D () C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-01 09:18 - 2013-10-30 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-02-01 09:18 - 2013-10-30 15:56 - 00000000 ____D () C:\ProgramData\CyberLink
2015-02-01 09:18 - 2013-10-30 15:54 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-02-01 09:18 - 2013-10-30 15:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-01 09:13 - 2014-06-27 12:13 - 00000000 ____D () C:\Users\jonah_000\VirtualBox VMs
2015-02-01 09:13 - 2013-12-25 08:21 - 00002351 _____ () C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-01-31 23:41 - 2014-06-27 12:13 - 00000000 ____D () C:\Users\jonah_000\.VirtualBox
2015-01-31 22:50 - 2014-01-16 11:09 - 00000000 ____D () C:\Program Files (x86)\WarThunder
2015-01-31 12:26 - 2014-07-03 11:37 - 00000000 ___RD () C:\Users\jonah_000\Dropbox
2015-01-31 11:28 - 2014-06-29 15:19 - 00000000 ____D () C:\Users\jonah_000\AppData\Roaming\Dropbox
2015-01-31 10:00 - 2013-08-22 09:20 - 00000000 ____D () C:\windows\CbsTemp
2015-01-30 20:50 - 2014-10-08 12:16 - 00000000 ____D () C:\Users\jonah_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-28 19:24 - 2014-06-30 15:31 - 00000000 ____D () C:\Users\jonah_000\Desktop\ICONS
2015-01-27 19:12 - 2014-12-07 10:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-24 20:19 - 2014-01-04 22:14 - 00000000 ____D () C:\Users\jonah_000\AppData\Local\LogMeIn Hamachi
2015-01-24 17:38 - 2014-06-16 15:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 19:37 - 2014-12-19 19:36 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-01-22 17:54 - 2014-07-27 11:58 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-22 17:51 - 2014-09-29 16:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-22 17:51 - 2014-02-08 21:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-16 00:41 - 2014-12-26 22:46 - 01278920 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll
2015-01-16 00:41 - 2014-07-20 13:15 - 01756424 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll
2015-01-16 00:41 - 2014-07-20 13:15 - 01316184 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspbridge.dll
2015-01-16 00:41 - 2013-12-26 10:50 - 01514528 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll
2015-01-13 17:04 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\LiveKernelReports
 
==================== Files in the root of some directories =======
 
2013-12-27 10:09 - 2015-02-09 11:15 - 0000132 _____ () C:\Users\jonah_000\AppData\Roaming\Adobe PNG Format CC Prefs
2014-05-10 16:35 - 2014-05-11 08:15 - 0000132 _____ () C:\Users\jonah_000\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-04-17 20:42 - 2014-04-18 16:07 - 0000132 _____ () C:\Users\jonah_000\AppData\Roaming\Adobe Targa Format CC Prefs
2014-01-26 23:46 - 2014-09-17 18:52 - 0253440 ___SH () C:\Users\jonah_000\AppData\Roaming\Thumbs.db
2014-01-26 11:48 - 2014-07-02 14:49 - 0001456 _____ () C:\Users\jonah_000\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-08-25 18:26 - 2014-08-25 18:26 - 0000000 _____ () C:\Users\jonah_000\AppData\Local\debuggee.mdmp
2014-01-03 13:06 - 2015-01-03 22:20 - 0007600 _____ () C:\Users\jonah_000\AppData\Local\Resmon.ResmonCfg
2014-06-28 14:40 - 2014-06-28 14:40 - 0000000 _____ () C:\Users\jonah_000\AppData\Local\test.txt
2015-01-31 23:31 - 2015-01-31 23:31 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2013-10-30 15:43 - 2013-10-30 15:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\jonah_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfzbkjk.dll
C:\Users\jonah_000\AppData\Local\Temp\HitmanPro.exe
C:\Users\jonah_000\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\jonah_000\AppData\Local\Temp\oct2D0F.tmp.exe
C:\Users\jonah_000\AppData\Local\Temp\oct2F60.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
 
 
LastRegBack: 2015-02-02 17:55
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015

Ran by jonah_000 at 2015-02-10 16:26:21

Running from C:\Users\jonah_000\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

 Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden

.NET Reflector Desktop (HKLM-x32\...\{60EDFDF5-224E-4CB3-8BE8-55A6D852C0A8}) (Version: 8.3.3.115 - Red Gate Software Ltd)

.NET Reflector Visual Studio Extension 8.3 (HKLM-x32\...\{78AB5E88-4A49-43FF-9657-37935971F355}) (Version: 8.3.3.115 - Red Gate Software Ltd)

.NET Streamer (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\24ce9279ad03bb02) (Version: 4.0.0.4 - TRANSLU6DE)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

AlienFX for KoneXTD (HKLM-x32\...\InstallShield_{48725548-E470-4816-99DD-6667EABAB982}) (Version: 1.02 - Roccat GmbH)

AlienFX for KoneXTD (Version: 1.02 - Roccat GmbH) Hidden

altPUG (HKLM-x32\...\{4FC41018-ABBF-47A0-B917-2DA88C04DA7D}) (Version: 1.2 - altPUG LLC)

Angry Birds Star Wars II 1.0.4 (HKLM-x32\...\Angry Birds Star Wars II 1.0.4) (Version: 1.0.4 - Cat-A-Cat)

Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)

Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - Bohemia Interactive)

Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)

Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version:  - )

Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)

Autodesk 3ds Max 2015 (HKLM\...\Autodesk 3ds Max 2015) (Version: 17.0.630.0 - Autodesk)

Autodesk 3ds Max 2015 (Version: 17.0.630.0 - Autodesk) Hidden

Autodesk 3ds Max 2015 Populate Data (HKLM\...\{57E92DED-DC6C-41E5-B9E1-76D83BD2EABE}) (Version: 17.0.0.0 - Autodesk)

Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.155.0 - Autodesk)

Autodesk Backburner 2015 (HKLM-x32\...\{8C5F38D2-8EFE-49A4-B3F5-BF3210FED168}) (Version: 15.0.0.0 - Autodesk)

Autodesk DirectConnect 2015 64-bit (HKLM\...\Autodesk DirectConnect 2015 64-bit) (Version: 9.0.56.4 - Autodesk)

Autodesk DirectConnect 2015 64-bit (Version: 9.0.56.4 - Autodesk) Hidden

Autodesk Inventor Server Engine for 3ds Max 2015 (HKLM\...\{9167CA34-4E48-49E3-8892-3C439739D2D3}) (Version: 17.0 - Autodesk)

Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)

Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)

Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.9.100 - Autodesk)

Autodesk Maya 2015 (HKLM\...\Autodesk Maya 2015) (Version: 15.0.1335.0 - Autodesk)

Autodesk Maya 2015 (Version: 15.0.1335.0 - Autodesk) Hidden

Autodesk Revit Interoperability for 3ds Max 2015 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2015) (Version: 15.0.107.0 - Autodesk)

Autodesk Revit Interoperability for 3ds Max 2015 (Version: 15.0.107.0 - Autodesk) Hidden

AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden

Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.4.505 - Bandisoft.com)

Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)

Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)

Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)

Battlestar Galactica (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Pokki_f89da3e39e25e3d2803f4028a3b83c692154961e) (Version: v1.1.1 - Pokki)

BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )

Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden

Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden

BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)

BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)

Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden

Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden

Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden

Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden

Blend for Visual Studio SDK for Windows Phone 8.0 (x32 Version: 3.0.30924.0 - Microsoft Corporation) Hidden

Blender (HKLM\...\Blender) (Version: 2.71 - Blender Foundation)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Build Tools - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden

Build Tools - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

Build Tools Language Resources - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden

Build Tools Language Resources - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

Call of Duty: Advanced Warfare - Multiplayer (HKLM-x32\...\Steam App 209660) (Version:  - Sledgehammer Games)

Call of Duty: Advanced Warfare (HKLM-x32\...\Steam App 209650) (Version:  - Sledgehammer Games)

Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)

Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)

Camtasia Studio 8 (HKLM-x32\...\{80AE23DF-71A4-4E3F-B931-F93AB5DF0BDD}) (Version: 8.4.2.1768 - TechSmith Corporation)

CCG Launcher version 0.7 (HKLM-x32\...\{78D51CE5-799C-4FCA-9635-6F61E19EA5E3}_is1) (Version: 0.7 - Custom Combat Gaming)

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

CEVO CS:GO Client Beta version 1.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 1.0 - )

Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)

Complemento do Microsoft Report Viewer para Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden

Complemento Microsoft Report Viewer para Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden

Compon. agg. Microsoft Report Viewer per Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden

Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)

Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)

Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)

DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)

Dishonored (HKLM-x32\...\Dishonored_is1) (Version:  - )

Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)

Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden

Dropbox (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Dropbox) (Version: 3.2.2 - Dropbox, Inc.)

Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)

Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden

Entity Framework 6.1.0 Tools  for Visual Studio 2013 (HKLM-x32\...\{D4635FB4-434D-4663-A4C8-CFC00FA9D24E}) (Version: 12.0.30228.0 - Microsoft Corporation)

ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)

Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)

Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.4.9.4 - Telerik)

Futuremark SystemInfo (HKLM-x32\...\{EC2B7377-A71D-4F99-87BC-792AE239D3B2}) (Version: 4.31.478.0 - Futuremark)

GameMaker-Studio 1.3 (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\GameMaker-Studio13) (Version:  - YoYo Games Ltd.)

Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)

Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.7 - Genesys Logic)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)

Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)

Gtk# for .Net 2.12.25 (HKLM-x32\...\{889E7D77-2A98-4020-83B1-0296FA1BDE8A}) (Version: 2.12.25 - Xamarin, Inc.)

Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)

Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)

HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)

IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)

IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )

IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )

Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.20.1447 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)

Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1327.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)

Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)

IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.6.25 - IObit)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)

Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Java SE Development Kit 6 Update 39 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160390}) (Version: 1.6.0.390 - Oracle)

join.me (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\JoinMe) (Version: 1.14.0.141 - LogMeIn, Inc.)

Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)

K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )

Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)

Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)

Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)

Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden

Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)

Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.26.1 - ELAN Microelectronic Corp.)

Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)

Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)

LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden

LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden

LocalESPCui for en-us (x32 Version: 8.59.29989 - Microsoft) Hidden

LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden

LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.303 - LogMeIn, Inc.)

LogMeIn Hamachi (x32 Version: 2.2.0.303 - LogMeIn, Inc.) Hidden

Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Memory Profiler (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

mental ray renderer for Autodesk Maya 2015 (HKLM\...\{BDF821F0-D64C-421D-0052-A9B995B20873}) (Version: 15.0.1335.0 - mental ray)

Metro: Last Light © Deep Silver version 1 (HKLM-x32\...\TWV0cm9MYXN0TGlnaHQ=_is1) (Version: 1 - )

Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)

Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)

Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)

Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)

Microsoft SQL Server 2008 Policies (HKLM-x32\...\{01C5A10F-AD9B-405B-853A-6659841A1242}) (Version: 10.0.1600.22 - Microsoft Corporation)

Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{3F7D7ED5-979A-4F96-AE25-DDA54B3E2D2B}) (Version: 10.0.1794.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP1 Query Tools English (HKLM-x32\...\{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}) (Version: 3.5.5692.0 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)

Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)

Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)

Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)

Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Visual Studio Express 2013 for Windows - ENU (HKLM-x32\...\{78095723-ced1-49b3-b0ac-8598452ef0ec}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual Studio Premium 2013 (HKLM-x32\...\{cbf78dde-975d-44b1-a5a1-17bdd063bf76}) (Version: 12.0.21005.13 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

Module Microsoft Report Viewer pour Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden

MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.8.1 - Screaming Bee)

MorphVOX Pro (HKLM-x32\...\{76828C87-C612-4329-843B-4DB58060030A}) (Version: 4.4.9 - Screaming Bee)

Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0a1 - Mozilla)

My Game Long Name (HKLM\...\UDK-b572340e-9cc0-405e-b9a9-2b6eaf1c762c) (Version:  - Epic Games, Inc.)

Need for Speed™ Undercover (HKLM-x32\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts)

Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)

NEOTOKYO° (HKLM-x32\...\Steam App 244630) (Version:  - STUDIO RADI-8)

Netflix (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Pokki_f356775052cadffd19a420ccdfaa87ea13120bef) (Version: 1.0.4.56238 - Pokki)

Nightly 37.0a1 (x86 en-US) (HKLM-x32\...\Nightly 37.0a1 (x86 en-US)) (Version: 37.0a1 - Mozilla)

Nitro Pro 8 (HKLM\...\{6E7DFD3E-2E89-4F35-B4F2-D3301A4AD190}) (Version: 8.5.6.5 - Nitro)

No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)

NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)

NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)

Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )

Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden

Oracle VM VirtualBox 4.3.20 (HKLM\...\{86401870-7AB7-4A8D-8AD6-12B27DF2E6E3}) (Version: 4.3.20 - Oracle Corporation)

Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)

Overwolf (HKLM-x32\...\Overwolf) (Version: 0.82.106.0 - Overwolf Ltd.)

PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)

PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)

PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)

PlanetSide 2 (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)

Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)

Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)

PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden

Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)

Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)

Project3 (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Project3) (Version:  - )

Psychonauts (HKLM-x32\...\Steam App 3830) (Version:  - Double Fine Productions)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)

puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)

Python 2.5 (HKLM-x32\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)

Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden

Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.)

Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.)

Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)

Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )

ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)

ROBLOX Player for jonah_000 (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)

ROBLOX Studio 2013 (HKLM-x32\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)

ROBLOX Studio 2013 for jonah_000 (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)

ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)

Roccat Talk (HKLM-x32\...\{605D671E-1D1E-4840-84D9-BFACE17F160D}) (Version: 1.00.0013 - Roccat GmbH)

Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)

SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden

SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Snagit 12 (HKLM-x32\...\{a8dbd220-0251-433a-8cc0-8b2e0d67053b}) (Version: 12.1.0.1322 - TechSmith Corporation)

Snagit 12 (x32 Version: 12.1.0 - TechSmith Corporation) Hidden

Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)

Snoopy vs. The Red Baron (HKLM-x32\...\Snoopy vs. The Red Baron) (Version:  - NAMCO BANDAI Games)

SpaceEngine version 0.9.7.1 (HKLM-x32\...\{53E413B3-2417-4BD1-984D-8C92C81C231F}_is1) (Version: 0.9.7.1 - SpaceEngine)

StageLight version 1.0.0.3508 (HKLM\...\StageLight) (Version: version 1.0.0.3508 - Open Labs, LLC.)

Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.40 - Bioware/EA)

Star Wars: The Force Unleashed II (HKLM-x32\...\Steam App 32500) (Version:  - Aspyr Studios)

Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

Start Menu (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Pokki_Start_Menu) (Version: 0.269.5.460 - Pokki)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )

Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)

System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)

System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)

Tactical Intervention (HKLM-x32\...\Steam App 51100) (Version:  - FIX Korea)

Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)

TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)

Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)

The Chronicles of Riddick: Escape From Butcher Bay (HKLM-x32\...\{A8DE8C34-7F51-4cc8-B326-C425793EE741}) (Version: 1.1 - http://www.vugames-europe.com)

The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)

The Godfather (HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\Pokki_923d0f1d35897f6a6a73ba838623cda94c4ab689) (Version: v1.2.5 - Pokki)

Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)

Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)

TypeScript Power Tool (x32 Version: 1.0.1.0 - Microsoft Corporation) Hidden

TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.1.0 - Microsoft Corporation) Hidden

Unreal Engine (HKLM\...\{38F69744-A2C5-4913-813B-7001D6CDC130}) (Version: 1.0.3.0 - Epic Games, Inc.)

Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)

Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)

UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)

UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden

Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)

VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)

Visual Studio 2013 Update 2 (KB2829760) (HKLM-x32\...\{3c348532-c3bd-4bae-a928-7b555f8c808f}) (Version: 12.0.30501 - Microsoft Corporation)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

VS Update core components (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

War Thunder Launcher 1.0.1.302 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)

WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden

WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden

WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)

Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)

Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden

Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden

World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813NA}_is1) (Version:  - Wargaming.net)

Надстройка Microsoft Report Viewer для Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden

用于 Visual Studio 2013 的 Microsoft 报告查看器加载项 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

==================== Restore Points  =========================

 

07-02-2015 10:04:34 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030

07-02-2015 10:05:09 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

08-02-2015 13:06:28 Installed Energy Management

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0BFC49B4-9EBC-452A-83BB-7006879C0FD9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {203F8CBC-303D-47A0-B87C-4F5686BDDB23} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-08-05] ()

Task: {34CFF08F-4B2E-48A7-854C-A43E5A851634} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-12-18] (Microsoft Corporation)

Task: {3897393D-62EC-43B2-9148-C10577FCFD24} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()

Task: {39CD3564-A31C-4379-B8B8-437F0A061B85} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-06-05] ()

Task: {4A63C308-C092-42C9-BE48-A84804CC8175} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)

Task: {4F0912C2-D2B4-45D5-A4A6-E49031AFBD92} - System32\Tasks\Microsoft Office 15 Sync Maintenance for JONAH-jonah_000 Jonah => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-12-18] (Microsoft Corporation)

Task: {75D87707-117C-4238-9955-69E88DB22EAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-12] (Google Inc.)

Task: {7E2457ED-AE91-421F-B3B2-1803D9AC7919} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {7F1DA4DC-790F-4ED2-82A9-AF30BA714ED5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-12] (Google Inc.)

Task: {9DD14DF8-6B14-4A34-9586-0CCD12DD8413} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-09] (IObit)

Task: {A1653786-7815-43FE-A5A5-A13CC84DAF0D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()

Task: {C4190425-7B78-4646-BF61-A988A2C5B62E} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-05-30] (TechSmith Corporation)

Task: {C86B4162-A692-4FD8-BEE1-E651E0F6EE5F} - System32\Tasks\Uninstaller_SkipUac_jonah_000 => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-09] (IObit)

Task: {DBF70897-6037-4CAB-A879-1FD8D8D36909} - System32\Tasks\{674098D8-2BA8-4600-B450-F7FE60D55771} => pcalua.exe -a C:\Users\jonah_000\AppData\Local\Roblox\Versions\version-c04585a2d58a4f29\RobloxPlayerLauncher.exe -c -uninstall

Task: {E0E9BEE5-9223-4D75-B1B5-345B66A3DF36} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE

Task: {E1DC89D1-A59B-45C5-823A-BF3FF5A8159C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)

Task: {EF7181CC-7252-4EDF-8A69-5024E1095621} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3184068216-3506866942-1434303448-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe

Task: {FAA55874-33B1-4A82-B7C6-AAEF8D7986B6} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-01-15] (Overwolf LTD)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

Task: C:\windows\Tasks\Uninstaller_SkipUac_jonah_000.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2014-12-07 10:10 - 2015-01-09 17:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-12-18 18:39 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2014-04-05 18:46 - 2014-11-02 11:08 - 00076152 _____ () C:\windows\system32\PnkBstrA.exe

2014-12-09 16:22 - 2014-12-09 16:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

2013-10-30 16:02 - 2013-10-30 16:02 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe

2013-10-30 16:02 - 2013-10-30 16:02 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll

2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll

2014-12-18 19:27 - 2014-12-18 19:27 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2014-07-19 12:57 - 2014-06-21 00:19 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll

2014-07-19 12:57 - 2014-06-21 00:19 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll

2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-12-24 19:21 - 2012-06-17 11:20 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\hiddriver.dll

2014-12-10 18:36 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl

2014-12-10 18:36 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl

2014-12-10 18:36 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl

2013-10-30 15:40 - 2013-08-08 14:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2015-02-05 22:59 - 2015-02-04 03:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll

2015-02-05 22:59 - 2015-02-04 03:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll

2015-02-05 22:59 - 2015-02-04 03:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Windows:nlsPreferences

AlternateDataStreams: C:\Users\jonah_000\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\jonah_000\SkyDrive (2).old:ms-properties

AlternateDataStreams: C:\Users\jonah_000\SkyDrive (3).old:ms-properties

AlternateDataStreams: C:\Users\jonah_000\SkyDrive (4).old:ms-properties

AlternateDataStreams: C:\Users\jonah_000\SkyDrive.old:ms-properties

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\16368753.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16368753.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

==================== Other Registry Areas =====================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\jonah_000\Desktop\2160p ULTRA HD Wallpaper collection\spectacular_desert_landscape-wallpaper-3840x2160.jpg

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\StartupFolder: => "Snagit 12.lnk"

HKLM\...\StartupApproved\StartupFolder: => "Roccat Talk.lnk"

HKLM\...\StartupApproved\Run: => "BTMTrayAgent"

HKLM\...\StartupApproved\Run: => "OnekeyStudio"

HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"

HKLM\...\StartupApproved\Run32: => "Lenovo App Shop"

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"

HKLM\...\StartupApproved\Run32: => "RazerGameBooster"

HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"

HKLM\...\StartupApproved\Run32: => "ADSKAppManager"

HKLM\...\StartupApproved\Run32: => "QuickTime Task"

HKLM\...\StartupApproved\Run32: => "Razer Synapse"

HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"

HKLM\...\StartupApproved\Run32: => "Andy"

HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"

HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "EADM"

HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "puush"

HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "Skype"

HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "Steam"

HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "Speech Recognition"

HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "Clownfish"

HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "SandboxieControl"

HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "CCleaner"

HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "CCleaner Monitoring"

HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "Advanced SystemCare 7"

HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "GameTracker"

HKU\S-1-5-21-3184068216-3506866942-1434303448-1002\...\StartupApproved\Run: => "Overwolf"

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3184068216-3506866942-1434303448-500 - Administrator - Disabled)

Guest (S-1-5-21-3184068216-3506866942-1434303448-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3184068216-3506866942-1434303448-1004 - Limited - Enabled)

jonah_000 (S-1-5-21-3184068216-3506866942-1434303448-1002 - Administrator - Enabled) => C:\Users\jonah_000

 

==================== Faulty Device Manager Devices =============

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/10/2015 04:24:39 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

Description: Windows cannot load classes registry file.

 DETAIL - The configuration registry database is corrupt.

 

Error: (02/10/2015 04:24:39 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 

 

 DETAIL - The configuration registry database is corrupt.

 for C:\Users\jonah_000\AppData\Local\Microsoft\Windows\\UsrClass.dat

 

Error: (02/10/2015 04:24:38 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

Description: Windows cannot load classes registry file.

 DETAIL - The configuration registry database is corrupt.

 

Error: (02/10/2015 04:24:38 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 

 

 DETAIL - The configuration registry database is corrupt.

 for C:\Users\jonah_000\AppData\Local\Microsoft\Windows\\UsrClass.dat

 

Error: (02/10/2015 11:55:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

Description: Windows cannot load classes registry file.

 DETAIL - The configuration registry database is corrupt.

 

Error: (02/10/2015 11:55:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 

 

 DETAIL - The configuration registry database is corrupt.

 for C:\Users\jonah_000\AppData\Local\Microsoft\Windows\\UsrClass.dat

 

Error: (02/10/2015 11:55:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

Description: Windows cannot load classes registry file.

 DETAIL - The configuration registry database is corrupt.

 

Error: (02/10/2015 11:55:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 

 

 DETAIL - The configuration registry database is corrupt.

 for C:\Users\jonah_000\AppData\Local\Microsoft\Windows\\UsrClass.dat

 

Error: (02/10/2015 11:55:59 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

 

Error: (02/10/2015 11:55:57 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

 

 

System errors:

=============

Error: (02/10/2015 11:54:32 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (02/10/2015 11:30:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 28845PhilinoTechnologies.FlappyBird.

 

Error: (02/10/2015 11:30:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Evernote.Evernote.

 

Error: (02/10/2015 11:30:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070002: McAfeeInc.06.McAfeeSecurityAdvisorforLenovo.

 

Error: (02/10/2015 11:30:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070002: E0469640.CameraMan.

 

Error: (02/10/2015 11:30:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 600CCC33.GIFViewer.

 

Error: (02/10/2015 11:30:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070002: E046963F.LenovoSupport.

 

Error: (02/10/2015 11:30:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.XboxCompanion.

 

Error: (02/10/2015 11:30:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 34791E63.CanonInkjetPrintUtility.

 

Error: (02/10/2015 11:30:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 4DF9E0F8.Netflix.

 

 

Microsoft Office Sessions:

=========================

Error: (02/10/2015 04:24:39 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

Description: The configuration registry database is corrupt.

 

Error: (02/10/2015 04:24:39 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

Description: The configuration registry database is corrupt.

C:\Users\jonah_000\AppData\Local\Microsoft\Windows\\UsrClass.dat

 

Error: (02/10/2015 04:24:38 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

Description: The configuration registry database is corrupt.

 

Error: (02/10/2015 04:24:38 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

Description: The configuration registry database is corrupt.

C:\Users\jonah_000\AppData\Local\Microsoft\Windows\\UsrClass.dat

 

Error: (02/10/2015 11:55:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

Description: The configuration registry database is corrupt.

 

Error: (02/10/2015 11:55:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

Description: The configuration registry database is corrupt.

C:\Users\jonah_000\AppData\Local\Microsoft\Windows\\UsrClass.dat

 

Error: (02/10/2015 11:55:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)

Description: The configuration registry database is corrupt.

 

Error: (02/10/2015 11:55:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)

Description: The configuration registry database is corrupt.

C:\Users\jonah_000\AppData\Local\Microsoft\Windows\\UsrClass.dat

 

Error: (02/10/2015 11:55:59 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\jonah_000\Desktop\esetsmartinstaller_enu.exe

 

Error: (02/10/2015 11:55:57 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\jonah_000\Desktop\esetsmartinstaller_enu.exe

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-01-14 19:08:33.320

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-01-14 19:08:33.195

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-01-14 19:08:31.516

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-01-14 19:08:31.391

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-01-14 19:08:24.444

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-01-14 19:08:24.319

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-01-14 19:08:15.930

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-01-14 19:08:15.789

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-01-14 19:07:23.014

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-01-14 19:07:22.874

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7-4700MQ CPU @ 2.40GHz

Percentage of memory in use: 65%

Total physical RAM: 8104.27 MB

Available physical RAM: 2833.54 MB

Total Pagefile: 16296.27 MB

Available Pagefile: 10806.64 MB

Total Virtual: 131072 MB

Available Virtual: 131071.79 MB

 

==================== Drives ================================

 

Drive c: (Windows8_OS) (Fixed) (Total:891.98 GB) (Free:201.34 GB) NTFS

Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:15.3 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 090CA1D4)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================


  • Root Admin

Well at this point it looks like you need to try and create a new user profile as your profile is corrupted. Not a good thing on a new machine as that could potentially point to a memory or hard drive failure possibly.

 


Application errors:
==================
Error: (02/10/2015 04:24:39 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (02/10/2015 04:24:39 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\jonah_000\AppData\Local\Microsoft\Windows\\UsrClass.dat

 

 

Please see the following article on how to create a new user account.

 

How to Create a New User Account in Windows 8.1

 

Then you'll also need to try and copy over your data from that account to the new one.

 

 

Please look in this folder for dump files and zip and attach the newest one.

 

C:\windows\Minidump\

 

Thanks


  • Root Admin

Could I possibly just do a system restore to factory conditions?

 

It's possible it might fix it. The debug file appears to indicate that the Nvidia video driver may be what is crashing but that could be due to infection or security software or possibly a damaged driver.

 

You could try to reinstall the latest video driver for your system from the manufacturer's website, but that would not fix the corrupted registry file.

Creating a new user account would or should fix that but you can try to restore the system back to before this issue happened and see if that fixes it or not. Then if still infected we could clean it but you'd hopefully still have a good working registry user file.

 

This article should be able to assist you in doing a Restore. Try to go back far enough that you think the issue was not on the computer if possible.

 

http://www.eightforums.com/tutorials/4692-system-restore-how-do-windows-8-a.html

 

Let me know how it goes.


  • Root Admin

Well you may not have to if there are no further signs of an issue. Try restarting the computer about 5 or 6 times with at least 10 minutes between reboots.

Then if all looks well run a new FRST scan and make sure you place a check mark in the Additions.txt check box and post back both new logs and I'll review it and see how it looks.

 

Thanks


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
